CALL FOR PAPERS
1st Evolving Security & Privacy Requirements Engineering Workshop: co-located with 22nd IEEE International Requirements Engineering Conference
http://espre2014.org
25 August - Karlskrona Sweden

* INTRODUCTION

When specifying a system, security and privacy needs to be addressed as early as possible. Unfortunately, many people find doing so difficult in the face of conflicting priorities. When these concerns are addressed, we discover how intrinsically difficult specifying security and privacy can be, and the blurred distinction between requirements and security and privacy concepts.

The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop will be a multi-disciplinary, one-day workshop that brings together practitioners and researchers interested in security and privacy requirements. ESPRE will probe the interfaces between Requirements Engineering and Security & Privacy, and take the first step in evolving security and privacy requirements engineering to meet a range of needs of stakeholders ranging from business analysts and security engineers, to technology entrepreneurs and privacy advocates.

* TOPICS

Topics addressed by ESPRE are those which will promote discussion about advancing Security & Privacy Requirements Engineering. These include, but are not excluded to:

- Security and privacy requirements elicitation and analysis
- Identification and management of all stakeholders (including attackers)
- Modelling multilateral stakeholder perspectives on security and privacy
- Scalability of security requirements engineering approaches
- Modelling of domain knowledge for security and privacy requirements
- Ontologies for security and privacy requirements engineering
- Security and privacy requirements engineering processes
- Evolution of security and privacy requirements
- Security requirements-based testing
- Consideration of legal compliance during security & privacy requirements engineering
- Use of requirements engineering to create security and privacy standard-compliant software
- Modelling of trust and risk
- Validation and verification of security and privacy requirements
- Teaching and training in security and privacy requirements engineering
- The role of security and privacy requirements engineering to support design innovation
- Positive (and especially negative) lessons learned applying security and requirements engineering in practice

* SUBMISSIONS

We invite research and position papers that address any of the workshop topics. Papers should be no more than 6 pages, conform to the IEEE Conference Publishing Services, and submitted electronically in PDF format to EasyChair: https://www.easychair.org/conferences/?conf=espre2014

Accepted papers will be published in the workshop proceedings, and made available via IEEE Xplore.

* SPECIAL ISSUE OF IJSSE

Selected revised and extended papers from the workshop will be submitted to a special issue of the International Journal of Secure Software Engineering (IJSSE).


* IMPORTANT DATES
- Submission Deadline: 21st April, 2014
- Author Notification: 26th May, 2014
- Publication ready versions: 20th June, 2014
- Workshop date: 25th August, 2014

* COMMITTEES

** Organising Committee
- Kristian Beckers (University of Duisberg-Essen, Germany)
- Shamal Faily (Bournemouth University, UK)
- Seok-Won Lee (Ajou University, South Korea)
- Nancy Mead (Carnegie Mellon University, USA)

** Programme Committee
- Raian Ali (Bournemouth University, UK)
- Andrea Atzeni (Politecnico di Torino, Italy)
- Steffan Bartsch (Technical University Darmstadt/CASED, Germany)
- Travis Breaux (Carnegie Mellon University, USA)
- Stephan Faßbender (University of Duisburg-Essen, Germany)
- Stefan Fenz (Vienna University of Technology, Austria)
- Carmen Fernandez Gago (University of Malaga, Spain)
- Sepideh Ghanavati (CRP Henri Tudor, Luxembourg)
- Martin Gilje Jaatun (SINTEF ICT, Norway)
- Stefanos Gritzalis (University of the Aegean, Greece)
- Seda Gürses (KU Leuven, Belgium)
- Marit Hansen (Independent Centre for Privacy Protection Schleswig-Holstein, Germany)
- Maritta Heisel (University of Duisburg-Essen, Germany)
- Denis Hatebur (ITESYS, Germany)
- Meiko Jensen (Independent Centre for Privacy Protection Schleswig-Holstein, Germany)
- Christos Kalloniatis (University of the Aegean, Greece)
- Anne Koziolek (Karlsruhe Institute of Technology, Germany)
- Emmanuel Letier (UCL, UK)
- Fabio Martinelli (CNR, Italy)
- Andreas Metzger (University of Duisburg-Essen, Germany)
- Federica Paci (University of Trento, Italy)
- Aljosa Pasic (ATOS, Spain)
- Gerald Quirchmayr (University of Vienna, Austria)
- Thomas Santen (Microsoft Research, Germany)
- Riccardo Scandariato (KU Leuven, Belgium)
- Holger Schmidt (TÜV Informationstechnik GmbH, Germany)
- Bjørnar Solhaug (SINTEF ICT, Norway)
- Ketil Stølen (SINTEF ICT, Norway)
- Sven Wenzel (Fraunhofer ISST, Germany)